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AMENDMENTS TO THE CLAIMS 

This listing of claims replaces all prior versions, and listings, of claims in the application: 
Listing of Claims: 

1-23. (Cancelled). 

24. (Currently Amended) In a computer system, the computer system including 
system memory, a processor, and a computer- readable medium, a data store and a method store 
being stored on the computer-readable medium, the data store and the method store arranged 
together in a combined item hierarchy on the computer-readable medium, the data store having 
least one data item that depends from a method in the method store and the method store having 
at least one method that depends from data in the data store, the combined item hierarchy being 
divided into one or more non-overlapping security zones, each of the one or more non- 
overlapping security zones being defined as a grouping of one or more data items and one or 
more method items having common security rules such that principals with administrative rights 
to items in a non-overlapping security zone can treat all the items in the non-overlapping security 
zone uniformly in accordance with common security rules, a method of splitting the one or more 
non-overlapping security zones into a plurality of non-overlapping security zones to facilitate 
more efficient delegation assiRnment of administrative rights to principals, comprising: 

an act of identifying a grouping of data items and method items in the combined 
item hierarchy for which new common security rules are to be enforced, the identified 
grouping of data items and method items currently included in an existing non- 
overlapping zone from among the one or more non-overlapping zones, existing common 
security rules being enforced within the existing non-overlapping zone, the new common 
security rules differing from the existing common security rules being enforced within 
the existing non-overlapping zone; 

an act of the processor re-configuring the one or more non-overlapping security 
zones so that administrative rights can be delegated assigned at a granularity that is finer 
than an entire database but yet coarse enough so as to not require delegation assignment 
for each item, including: 

an act of splitting the existing non-overlapping security zone into a new 
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non-overlapping security zone and a remnant of the existing non-overlapping 
security zone, the arrangement of the new non-overlapping security zone relative 
to the remnant of the existing non-overlapping security zone based on the location 
of the identified grouping of data items and method items within the combined 
item hierarchy, the new non-overlapping security zone for containing the 
identified grouping of data items and methods items, the remnant of the existing 
non-overlapping security zone containing at least one data item or method item 
from the existing non-overlapping security zone, wherein said splitting is 
restricted in such a way as to prevent overlapping between security zones and 
such that none of the data items and method items are included in more than one 
security zone; and 

an act of adjusting data properties of each of the items in the identified 
grouping of data items and method items to represent that the identified grouping 
of data items and method items are contained in the new non-overlapping security 
zone; 

for any principals that had existing administrative rights in the existing non- 
overlapping security zone based on the existing common security rules being enforced in 
the existing non-overlapping security zone at the time the existing non-overlapping zone 
was split, an act of retaining those existing administrative rights in the new non- 
overlapping security zone, including in the identified grouping of data items and methods 
items, subsequent to splitting the existing non-overlapping security zone and subsequent 
to adjusting data properties to represent that the identified grouping of data items and 
methods items are contained in the new non-overlapping security zone; and 

an act of specifying that granting one or more additional principals have other 
administrative rights in the new non-overlapping zone to one or more additional 
principals in accordance with the new common security rules, assigning the other rights 
to the new non-overlapping zone collectively granting the other rights to each item in the 
identified grouping of data items and method items through the assignment of the other 
rights to the new non-overlapping security zone b ased on the new common security rules 
by specifying that the one or more additional principals have the other administrative 
rights to the new non overlapping security zone in accordance with the new common 
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security rules , the other administrative r ights differing from the existing administrative 
rights. 

25. (Previously Presented) The method of claim 24, wherein specifying the one or 
more additional principals is performed by the one or more main principals. 

26. (Previously Presented) The method of claim 24 wherein the act of adjusting data 
properties of each of the items in the identified grouping of data items and method items 
comprises labeling each of the items with a security zone enumeration corresponding to the new 
non-overlapping security zone. 

27. (Currently Amended) The method of claim 24, the administrative rights being 
security rights. 

28. (Currently Amended) The method of claim 24, the administrativ e rights being 
auditing rights. 

Claims 29-32. (Cancelled). 

Claim 33. (Cancelled). 



Page 4 of 9 



Application No. 10/630,162 

Amendment "G" dated July 2, 2009 

Reply to Non-Compliant Office Action mailed June 3, 2009 

34. (Currently Amended) A computer program product for use at a computer system, 
the computer program product comprising one or more computer-readable storage media, a data 
store and a method stored being stored on the one or more computer-readable storage media, the 
data store and the method store arranged together in a combined item hierarchy on the computer- 
readable medium, the data store having least one data item that depends from a method in the 
method store and the method store having at least one method that depends from data in the data 
store, the combined item hierarchy being divided into one or more non-overlapping security 
zones, each of the one or more non-overlapping security zones being defined as a grouping of 
one or more data items and one or more method items having common security rules such that 
principals with administrative rights to items in a non-overlapping security zone can treat all the 
items in the non-overlapping security zone uniformly in accordance with common security rules, 
the computer-readable storage media also storing computer-executable instructions that, when 
executed by a processor, cause the computer system to perform a method of splitting the one or 
more non-overlapping security zones into a plurality of non-overlapping security zones to 
facilitate more efficient delegation of administrative rights to, comprising: 

an act of identifying a grouping of data items and method items in the combined 
item hierarchy for which new common security rules are to be enforced, the identified 
grouping of data items and method items currently included in an existing non- 
overlapping zone from among the one or more non-overlapping zones, existing common 
security rules being enforced within the existing non-overlapping zone, the new common 
security rules differing from the existing common security rules being enforced within 
the existing non-overlapping zone; 

an act of the re-configuring the one or more non-overlapping security zones so 
that administrative rights can be delegated at a granularity that is finer than an entire 
database but yet coarse enough so as to not require delegation for each item, including: 

an act of splitting the existing non-overlapping security zone into a new 
non-overlapping security zone and a remnant of the existing non-overlapping 
security zone, the arrangement of the new non-overlapping security zone relative 
to the remnant of the existing non-overlapping security zone based on the location 
of the identified grouping of data items and method items within the combined 
item hierarchy, the new non-overlapping security zone for containing the 
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identified grouping of data items and methods items, the remnant of the existing 
non-overlapping security zone containing at least one data item or method item 
from the existing non-overlapping security zone, wherein said splitting is 
restricted in such a way as to prevent overlapping between security zones and 
such that none of the data items and method items are included in more than one 
security zone; and 

an act of adjusting data properties of each of the items in the identified 
grouping of data items and method items to represent that the identified grouping 
of data items and method items are contained in the new non-overlapping security 
zone; 

for any principals that had existing administrative rights in the existing non- 
overlapping security zone based on the existing common security rules being enforced in 
the existing non-overlapping security zone at the time the existing non-overlapping zone 
was split, an act of retaining those existing administrative rights in the new non- 
overlapping security zone* including in the identified grouping of data items and methods 
items, subsequent to splitting the existing non-overlapping security zone and subsequent 
to adjusting data properties to represent that the identified grouping of data items and 
methods items are contained in the new non-overlapping security zone; and 

an act of specifying that granting one or more additional principals have other 
administrative rights in the new non-overlapping zone to one or more additional 
principals in accordance with the new common security rules, assigning the other rights 
to the new non-overlapping zone collectively granting the other rights to each item in the 
identified grouping of data items and method items through the granting of the other 
rights to the new non-overlapping security zone b ased on the new common security rules 
by specifying that the one or more additional principals have the other administrative 
rights to the new non overlapping security zone in accordance with the new common 
security rules , the other administrative rights differing from the existing administrative 
rights. 



Claim 35. (Cancelled). 
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36. (Previously Presented) The method of claim 24, wherein the existing common 
security rules comprise an access control list defining the rights a principal has to the items in the 
remnant of the existing non-overlapping security zone. 

37. (Previously Presented) The method of claim 24, wherein the new common 
security rules comprise an access control list defining the rights a principal has to the items in the 
new non-overlapping security zone. 

38. (Previously Presented) The computer program product of claim 34, wherein 
specifying the one or more additional principals is performed by the one or more main principals. 

39. (Currently Amended) The computer program product of claim 34, wherein the act 
of adjusting data properties of each of the items in the identified grouping of data items and 
method items comprises labeling each of the items with a security zone enumeration 
corresponding to the first-new non-overlapping security zone. 

40. (Previously Presented) The computer program product of claim 34, the 
administrative rights being security rights. 

41. (Previously Presented) The computer program product of claim 34, the 
administrative rights being auditing rights. 

42. (Previously Presented) The computer program product of claim 34, wherein the 
existing common security rules comprise an access control list defining the rights a principal has 
to the items in the remnant of the existing non-overlapping security zone. 

43. (Previously Presented) The computer program product of claim 34, wherein the 
new common security rules comprise an access control list defining the rights a principal has to 
the items in the new non-overlapping security zone. 
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44. (New) The method as recited in claim 24, wherein an act of granting other rights 
in the new non-overlapping security zone to one or more additional principals in accordance with 
the new common security rules comprises an act of granting a set of rights in the non- 
overlapping security zone to the one or more additional principals so as to collectively grant the 
set of rights to the one or more additional principals for each item in the identified grouping of 
data items and method items through the granting of the set of rights in the new non-overlapping 
security zone, the set of rights including one or more rights selected from among: read, write, 
delete, and execute. 

45. (New) The computer program product as recited in claim 34, wherein an act of 
granting other rights in the new non-overlapping security zone to one or more additional 
principals in accordance with the new common security rules comprises an act of granting a set 
of rights in the non-overlapping security zone to the one or more additional principals so as to 
collectively grant the set of rights to the one or more additional principals for each item in the 
identified grouping of data items and method items through the granting of the set of rights in the 
new non-overlapping security zone, the set of rights including one or more rights selected from 
among: read, write, delete, and execute. 



Page 8 of 9 



